--- - name: Set hostname and ip facts set_fact: # Store etcd_hostname and etcd_ip such that they will be available # in hostvars. Defaults for these variables are set in etcd_common. etcd_hostname: "{{ etcd_hostname }}" etcd_ip: "{{ etcd_ip }}" - name: Install etcd action: "{{ ansible_pkg_mgr }} name=etcd state=present" when: not etcd_is_containerized | bool - name: Pull etcd container command: docker pull {{ openshift.etcd.etcd_image }} when: etcd_is_containerized | bool - name: Install etcd container service file template: dest: "/etc/systemd/system/etcd_container.service" src: etcd.docker.service register: install_etcd_result when: etcd_is_containerized | bool - name: Ensure etcd datadir exists when: etcd_is_containerized | bool file: path: "{{ etcd_data_dir }}" state: directory mode: 0700 - name: Disable system etcd when containerized when: etcd_is_containerized | bool service: name: etcd state: stopped enabled: no - name: Check for etcd service presence command: systemctl show etcd.service register: etcd_show changed_when: false - name: Mask system etcd when containerized when: etcd_is_containerized | bool and 'LoadState=not-found' not in etcd_show.stdout command: systemctl mask etcd - name: Reload systemd units command: systemctl daemon-reload when: etcd_is_containerized | bool and ( install_etcd_result | changed ) - name: Validate permissions on the config dir file: path: "{{ etcd_conf_dir }}" state: directory owner: "{{ 'etcd' if not etcd_is_containerized | bool else omit }}" group: "{{ 'etcd' if not etcd_is_containerized | bool else omit }}" mode: 0700 - name: Validate permissions on certificate files file: path: "{{ item }}" mode: 0600 owner: "{{ 'etcd' if not etcd_is_containerized | bool else omit }}" group: "{{ 'etcd' if not etcd_is_containerized | bool else omit }}" when: etcd_url_scheme == 'https' with_items: - "{{ etcd_ca_file }}" - "{{ etcd_cert_file }}" - "{{ etcd_key_file }}" - name: Validate permissions on peer certificate files file: path: "{{ item }}" mode: 0600 owner: "{{ 'etcd' if not etcd_is_containerized | bool else omit }}" group: "{{ 'etcd' if not etcd_is_containerized | bool else omit }}" when: etcd_peer_url_scheme == 'https' with_items: - "{{ etcd_peer_ca_file }}" - "{{ etcd_peer_cert_file }}" - "{{ etcd_peer_key_file }}" - name: Write etcd global config file template: src: etcd.conf.j2 dest: /etc/etcd/etcd.conf backup: true notify: - restart etcd - name: Enable etcd service: name: "{{ etcd_service }}" state: started enabled: yes register: start_result - set_fact: etcd_service_status_changed: "{{ start_result | changed }}"